[DO-1970] update dashboard secrets to external secrets operator (#818)
duje-begonja-rdx authored Nov 14, 2023
1 parent a7ebf75 commit 2297e95
Showing 14 changed files with 63 additions and 71 deletions.
13 changes: 0 additions & 13 deletions deploy/helm/dashboard/dashboard/templates/basic-auth-secret.yaml

This file was deleted.

24 changes: 16 additions & 8 deletions deploy/helm/dashboard/dashboard/templates/docker-secret.yaml
@@ -1,15 +1,23 @@
{{- if .Values.dashboard.docker_secret.enabled -}}
apiVersion: kubernetes-client.io/v1
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: docker-hub-dev
# name of ExternalSecret under CRD section
name: dockerhub-dev
spec:
backendType: secretsManager
region: {{ .Values.dashboard.docker.secrets.region }}
template:
type: kubernetes.io/dockerconfigjson
refreshInterval: 1h
secretStoreRef:
name: main
kind: ClusterSecretStore
target:
# name of actual secret under Config/Secrets, not required will use .metadata.name
creationPolicy: Owner
template:
type: kubernetes.io/dockerconfigjson
data:
- key: {{ .Values.dashboard.docker.secrets.name }}
name: .dockerconfigjson
- secretKey: .dockerconfigjson
remoteRef:
key: {{ .Values.dashboard.docker.secrets.name }}
version: "AWSCURRENT"
property: dockerconfigjson
{{- end }}
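Review bot: The comment under `target:` describes a `name` field that is not present, so it reads as if it documented `creationPolicy`; I would reword it to `# target.name omitted: the Secret takes .metadata.name (dockerhub-dev), which imagePullSecrets in values.yaml must match`. The `remoteRef.key` value is rendered unquoted from `.Values.dashboard.docker.secrets.name`; `key: {{ .Values.dashboard.docker.secrets.name | quote }}` keeps an empty or special-character value from changing the YAML type or breaking the manifest. Both points apply equally to the storybook copy of this template later in the commit.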
23 changes: 14 additions & 9 deletions deploy/helm/dashboard/dashboard/templates/secrets.yaml
@@ -1,16 +1,21 @@
{{- range .Values.dashboard.secrets }}
---
apiVersion: kubernetes-client.io/v1
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: {{ .name }}
spec:
backendType: secretsManager
region: {{ .region }}
refreshInterval: 1h
secretStoreRef:
name: main
kind: ClusterSecretStore
target:
creationPolicy: Owner
data:
- key: {{ .path }}
name: {{ .secretName }}
{{- if .secretProperty }}
property: {{ .secretProperty }}
{{- end }}
{{- end }}
- secretKey: {{ .secretName }}
remoteRef:
key: {{ .path }}
{{- if .secretProperty }}
property: {{ .secretProperty }}
{{- end }}
{{- end }}
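Review bot: Every ExternalSecret rendered by this loop now reads through the cluster-scoped store `main`, and `remoteRef.key` is taken directly from `.path` in the values files, so what a release can fetch is bounded only by that store's credentials and any namespace conditions on it, neither of which is visible in this commit. If one store serves several environments, I would confirm its IAM policy is scoped to the paths each namespace needs, or make the store name a chart value. `target.name` is unset, so the generated Secret is named after `.name` (now `database-url-v2` / `jwt-secret-v2`); whatever consumes the Secret has to reference that name, which cannot be checked from this page. The templated scalars are also unquoted; `key: {{ .path | quote }}` and `secretKey: {{ .secretName | quote }}` are safer.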
3 changes: 1 addition & 2 deletions deploy/helm/dashboard/dashboard/values.yaml
@@ -14,7 +14,7 @@ dashboard:
tag: ""

imagePullSecrets:
- name: docker-hub-dev
- name: dockerhub-dev

nameOverride: "dashboard"

@@ -68,7 +68,6 @@ dashboard:

docker:
secrets:
region: eu-west-1
name: docker.io/radixdlt

# Set it to true if you want to secret to be deployed.
6 changes: 2 additions & 4 deletions deploy/helm/dashboard/environments/dev/values.yaml.gotmpl
@@ -24,18 +24,16 @@ dashboard:
enable_db_migrations: true

secrets:
- name: database-url
- name: database-url-v2
variable: "DATABASE_URL"
path: "rdx-works-main-dev/eks/dashboard/postgres"
secretProperty: "database-url-hammunet"
secretName: "database-url"
region: "eu-west-2"
- name: jwt-secret
- name: jwt-secret-v2
variable: "JWT_SECRET"
path: "rdx-works-main-dev/eks/dashboard/jwt"
secretProperty: "jwt-secret"
secretName: "jwt-secret"
region: "eu-west-2"

ingress:
enabled: true
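Review bot: The `jwt-secret-v2` entry still resolves to `rdx-works-main-dev/eks/dashboard/jwt` property `jwt-secret`, the same remote value that the enkinet, gilganet, hammunet, mardunet and pr values in this commit use, and mainnet and stokenet likewise share `rtlj-prod/eks/dashboard/jwt`. If that value signs tokens, as the `JWT_SECRET` variable name suggests, a token issued by one deployment (including a PR preview) would verify on the others, so a per-environment property, as `database-url-<network>` already provides for the database, is worth considering while these entries are being touched. This file also reads `database-url-hammunet`, the property used by the hammunet environment; confirm that sharing is intended. The hunk starts and ends mid-file, so the rest of the mapping is not visible here.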
6 changes: 2 additions & 4 deletions deploy/helm/dashboard/environments/enkinet/values.yaml.gotmpl
@@ -23,18 +23,16 @@ dashboard:
PUBLIC_NETWORK_NAME: "enkinet"

secrets:
- name: database-url
- name: database-url-v2
variable: "DATABASE_URL"
path: "rdx-works-main-dev/eks/dashboard/postgres"
secretProperty: "database-url-enkinet"
secretName: "database-url"
region: "eu-west-2"
- name: jwt-secret
- name: jwt-secret-v2
variable: "JWT_SECRET"
path: "rdx-works-main-dev/eks/dashboard/jwt"
secretProperty: "jwt-secret"
secretName: "jwt-secret"
region: "eu-west-2"

ingress:
enabled: true
@@ -23,18 +23,16 @@ dashboard:
PUBLIC_NETWORK_NAME: "gilganet"

secrets:
- name: database-url
- name: database-url-v2
variable: "DATABASE_URL"
path: "rdx-works-main-dev/eks/dashboard/postgres"
secretProperty: "database-url-gilganet"
secretName: "database-url"
region: "eu-west-2"
- name: jwt-secret
- name: jwt-secret-v2
variable: "JWT_SECRET"
path: "rdx-works-main-dev/eks/dashboard/jwt"
secretProperty: "jwt-secret"
secretName: "jwt-secret"
region: "eu-west-2"

ingress:
enabled: true
@@ -23,18 +23,16 @@ dashboard:
PUBLIC_NETWORK_NAME: "hammunet"

secrets:
- name: database-url
- name: database-url-v2
variable: "DATABASE_URL"
path: "rdx-works-main-dev/eks/dashboard/postgres"
secretProperty: "database-url-hammunet"
secretName: "database-url"
region: "eu-west-2"
- name: jwt-secret
- name: jwt-secret-v2
variable: "JWT_SECRET"
path: "rdx-works-main-dev/eks/dashboard/jwt"
secretProperty: "jwt-secret"
secretName: "jwt-secret"
region: "eu-west-2"

ingress:
enabled: true
6 changes: 2 additions & 4 deletions deploy/helm/dashboard/environments/mainnet/values.yaml.gotmpl
@@ -23,18 +23,16 @@ dashboard:
NETWORK_GATEWAY_API: https://mainnet.radixdlt.com
PUBLIC_NETWORK_NAME: "mainnet"
secrets:
- name: database-url
- name: database-url-v2
variable: "DATABASE_URL"
path: "rtlj-prod/eks/dashboard/mainnet/postgres"
secretProperty: "database-url"
secretName: "database-url"
region: "eu-west-2"
- name: jwt-secret
- name: jwt-secret-v2
variable: "JWT_SECRET"
path: "rtlj-prod/eks/dashboard/jwt"
secretProperty: "jwt-secret"
secretName: "jwt-secret"
region: "eu-west-2"


ingress:
@@ -23,18 +23,16 @@ dashboard:
URL: https://mardunet-dashboard.rdx-works-main.extratools.works

secrets:
- name: database-url
- name: database-url-v2
variable: "DATABASE_URL"
path: "rdx-works-main-dev/eks/dashboard/postgres"
secretProperty: "database-url-mardunet"
secretName: "database-url"
region: "eu-west-2"
- name: jwt-secret
- name: jwt-secret-v2
variable: "JWT_SECRET"
path: "rdx-works-main-dev/eks/dashboard/jwt"
secretProperty: "jwt-secret"
secretName: "jwt-secret"
region: "eu-west-2"

ingress:
enabled: true
3 changes: 1 addition & 2 deletions deploy/helm/dashboard/environments/pr/values.yaml.gotmpl
@@ -26,12 +26,11 @@ dashboard:
URL: https://dashboard-pr-{{ .StateValues.ci.prNumber }}.rdx-works-main.extratools.works

secrets:
- name: jwt-secret
- name: jwt-secret-v2
variable: "JWT_SECRET"
path: "rdx-works-main-dev/eks/dashboard/jwt"
secretProperty: "jwt-secret"
secretName: "jwt-secret"
region: "eu-west-2"

ingress:
enabled: true
@@ -23,18 +23,16 @@ dashboard:
NETWORK_GATEWAY_API: https://babylon-stokenet-gateway.radixdlt.com
PUBLIC_NETWORK_NAME: "stokenet"
secrets:
- name: database-url
- name: database-url-v2
variable: "DATABASE_URL"
path: "rtlj-prod/eks/dashboard/stokenet/postgres"
secretProperty: "database-url"
secretName: "database-url"
region: "eu-west-2"
- name: jwt-secret
- name: jwt-secret-v2
variable: "JWT_SECRET"
path: "rtlj-prod/eks/dashboard/jwt"
secretProperty: "jwt-secret"
secretName: "jwt-secret"
region: "eu-west-2"


ingress:
24 changes: 16 additions & 8 deletions deploy/helm/dashboard/storybook/templates/docker-secret.yaml
@@ -1,15 +1,23 @@
{{- if .Values.storybook.docker_secret.enabled -}}
apiVersion: kubernetes-client.io/v1
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: docker-hub-dev
# name of ExternalSecret under CRD section
name: dockerhub-dev
spec:
backendType: secretsManager
region: {{ .Values.storybook.docker.secrets.region }}
template:
type: kubernetes.io/dockerconfigjson
refreshInterval: 1h
secretStoreRef:
name: main
kind: ClusterSecretStore
target:
# name of actual secret under Config/Secrets, not required will use .metadata.name
creationPolicy: Owner
template:
type: kubernetes.io/dockerconfigjson
data:
- key: {{ .Values.storybook.docker.secrets.name }}
name: .dockerconfigjson
- secretKey: .dockerconfigjson
remoteRef:
key: {{ .Values.storybook.docker.secrets.name }}
version: "AWSCURRENT"
property: dockerconfigjson
{{- end }}
2 changes: 1 addition & 1 deletion deploy/helm/dashboard/storybook/values.yaml
@@ -8,7 +8,7 @@ storybook:
tag: ""

imagePullSecrets:
- name: docker-hub-dev
- name: dockerhub-dev

nameOverride: "storybook"
